
Mobile IPv4 Challenge/Response Extensions (Revised)
RFC 4721

Document type: RFC - Proposed Standard (January 2007; Errata)
Obsoletes RFC 3012
Updates RFC 3344
Document stream: IETF
Last updated: 2013-03-02

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 4721 (Proposed Standard)
Responsible AD: Margaret Wasserman
Send notices to: mip4-chairs@tools.ietf.org

Network Working Group                                         C. Perkins
Request for Comments: 4721                         Nokia Research Center
Obsoletes: 3012                                               P. Calhoun
Updates: 3344                                        Cisco Systems, Inc.
Category: Standards Track                                    J. Bharatia
                                                         Nortel Networks
                                                            January 2007

          Mobile IPv4 Challenge/Response Extensions (Revised)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   Mobile IP, as originally specified, defines an authentication
   extension (the Mobile-Foreign Authentication extension) by which a
   mobile node can authenticate itself to a foreign agent.
   Unfortunately, that extension does not provide the foreign agent any
   direct guarantee that the protocol is protected from replays and does
   not allow for the use of existing techniques (such as Challenge
   Handshake Authentication Protocol (CHAP)) for authenticating portable
   computer devices.

   In this specification, we define extensions for the Mobile IP Agent
   Advertisements and the Registration Request that allow a foreign
   agent to use a challenge/response mechanism to authenticate the
   mobile node.

   Furthermore, this document updates RFC 3344 by including a new
   authentication extension called the Mobile-Authentication,
   Authorization, and Accounting (AAA) Authentication extension.  This
   new extension is provided so that a mobile node can supply
   credentials for authorization, using commonly available AAA
   infrastructure elements.  This authorization-enabling extension MAY
   co-exist in the same Registration Request with authentication
   extensions defined for Mobile IP Registration by RFC 3344.  This
   document obsoletes RFC 3012.

Perkins, et al.             Standards Track                     [Page 1]
RFC 4721       Mobile IPv4 Challenge/Response Extensions    January 2007

Table of Contents

   1. Introduction ....................................................2
      1.1. Terminology ................................................3
   2. Mobile IP Agent Advertisement Challenge Extension ...............4
      2.1. Handling of Solicited Agent Advertisements .................4
   3. Operation .......................................................5
      3.1. Mobile Node Processing of Registration Requests ............5
      3.2. Foreign Agent Processing of Registration Requests ..........6
            3.2.1. Foreign Agent Algorithm for Tracking Used
                   Challenges .........................................8
      3.3. Foreign Agent Processing of Registration Replies ...........9
      3.4. Home Agent Processing of Challenge Extensions .............10
      3.5. Mobile Node Processing of Registration Replies ............11
   4. Mobile-Foreign Challenge Extension .............................11
   5. Generalized Mobile IP Authentication Extension .................12
   6. Mobile-AAA Authentication Subtype ..............................13
   7. Reserved SPIs for Mobile IP ....................................14
   8. SPIs for RADIUS AAA Servers ....................................14
   9. Configurable Parameters ........................................15
   10. Error Values ..................................................16
   11. IANA Considerations ...........................................16
   12. Security Considerations .......................................17
   13. Acknowledgements ..............................................18
   14. Normative References ..........................................18
   Appendix A. Changes since RFC 3012 ................................20
   Appendix B. Verification Infrastructure ...........................21
   Appendix C. Message Flow for FA Challenge Messaging with
               Mobile-AAA Extension ..................................22
   Appendix D. Message Flow for FA Challenge Messaging with
               MN-FA Authentication ..................................23
   Appendix E. Example Pseudo-code for Tracking Used Challenges ......24

1.  Introduction

   Mobile IP defines the Mobile-Foreign Authentication extension to
   allow a mobile node to authenticate itself to a foreign agent.  Such
   authentication mechanisms are mostly external to the principal
